mirror of
https://github.com/YunoHost-Apps/vaultwarden_ynh.git
synced 2024-09-03 18:26:31 +02:00
commit
174b4125c5
30 changed files with 201 additions and 1376 deletions
65
.github/workflows/updater.sh
vendored
65
.github/workflows/updater.sh
vendored
|
@ -1,65 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
#=================================================
|
||||
# PACKAGE UPDATING HELPER
|
||||
#=================================================
|
||||
|
||||
# This script is meant to be run by GitHub Actions
|
||||
# The YunoHost-Apps organisation offers a template Action to run this script periodically
|
||||
# Since each app is different, maintainers can adapt its contents so as to perform
|
||||
# automatic actions when a new upstream release is detected.
|
||||
|
||||
#=================================================
|
||||
# FETCHING LATEST RELEASE AND ITS ASSETS
|
||||
#=================================================
|
||||
|
||||
# Fetching information
|
||||
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
|
||||
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
|
||||
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
|
||||
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
|
||||
|
||||
# Later down the script, we assume the version has only digits and dots
|
||||
# Sometimes the release name starts with a "v", so let's filter it out.
|
||||
# You may need more tweaks here if the upstream repository has different naming conventions.
|
||||
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
|
||||
version=${version:1}
|
||||
fi
|
||||
|
||||
# Setting up the environment variables
|
||||
echo "Current version: $current_version"
|
||||
echo "Latest release from upstream: $version"
|
||||
echo "VERSION=$version" >> $GITHUB_ENV
|
||||
echo "REPO=$repo" >> $GITHUB_ENV
|
||||
# For the time being, let's assume the script will fail
|
||||
echo "PROCEED=false" >> $GITHUB_ENV
|
||||
|
||||
# Proceed only if the retrieved version is greater than the current one
|
||||
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
|
||||
echo "::warning ::No new version available"
|
||||
exit 0
|
||||
# Proceed only if a PR for this new version does not already exist
|
||||
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
|
||||
echo "::warning ::A branch already exists for this update"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPDATE STEPS
|
||||
#=================================================
|
||||
|
||||
# Any action on the app's source code can be done.
|
||||
# The GitHub Action workflow takes care of committing all changes after this script ends.
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
|
||||
# Replace new version in manifest
|
||||
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
|
||||
|
||||
# No need to update the README, yunohost-bot takes care of it
|
||||
|
||||
# The Action will proceed only if the PROCEED environment variable is set to true
|
||||
echo "PROCEED=true" >> $GITHUB_ENV
|
||||
exit 0
|
50
.github/workflows/updater.yml
vendored
50
.github/workflows/updater.yml
vendored
|
@ -1,50 +0,0 @@
|
|||
# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
|
||||
# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
|
||||
# This file should be enough by itself, but feel free to tune it to your needs.
|
||||
# It calls updater.sh, which is where you should put the app-specific update steps.
|
||||
name: Check for new upstream releases
|
||||
on:
|
||||
# Allow to manually trigger the workflow
|
||||
workflow_dispatch:
|
||||
# Run it every day at 6:00 UTC
|
||||
schedule:
|
||||
- cron: '0 6 * * *'
|
||||
jobs:
|
||||
updater:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Fetch the source code
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Run the updater script
|
||||
id: run_updater
|
||||
run: |
|
||||
# Setting up Git user
|
||||
git config --global user.name 'yunohost-bot'
|
||||
git config --global user.email 'yunohost-bot@users.noreply.github.com'
|
||||
# Run the updater script
|
||||
/bin/bash .github/workflows/updater.sh
|
||||
- name: Commit changes
|
||||
id: commit
|
||||
if: ${{ env.PROCEED == 'true' }}
|
||||
run: |
|
||||
git commit -am "Upgrade to v$VERSION"
|
||||
- name: Create Pull Request
|
||||
id: cpr
|
||||
if: ${{ env.PROCEED == 'true' }}
|
||||
uses: peter-evans/create-pull-request@v4
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
commit-message: Update to version ${{ env.VERSION }}
|
||||
committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
|
||||
author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
|
||||
signoff: false
|
||||
base: testing
|
||||
branch: ci-auto-update-v${{ env.VERSION }}
|
||||
delete-branch: true
|
||||
title: 'Upgrade to version ${{ env.VERSION }}'
|
||||
body: |
|
||||
Upgrade to v${{ env.VERSION }}
|
||||
draft: false
|
||||
|
23
README.md
23
README.md
|
@ -26,34 +26,11 @@ Alternative implementation of the Bitwarden server API written in Rust and compa
|
|||
|
||||
![Screenshot of Vaultwarden](./doc/screenshots/screenshot1.png)
|
||||
|
||||
## Disclaimers / important information
|
||||
|
||||
### Install
|
||||
|
||||
This package compile Vaultwarden from sources, that can take a long time on a small computer :
|
||||
|
||||
* When installing on a Raspberry Pi 3, this can take more than 1 hour.
|
||||
* When installing from the webadmin, you can encounter the "504 Gateway Timeout": this is fine, just let it finish in the background.
|
||||
|
||||
### Migrate from Bitwarden
|
||||
|
||||
This package handle the migration from Bitwarden to Vaultwarden.
|
||||
For that, you will have to upgrade your Bitwarden application with this repository.
|
||||
This can only be done from the command-line interface - e.g. through SSH.
|
||||
Once you're connected, you simply have to execute the following:
|
||||
|
||||
```bash
|
||||
sudo yunohost app upgrade bitwarden -u https://github.com/YunoHost-Apps/vaultwarden_ynh --debug
|
||||
```
|
||||
|
||||
The `--debug` option will let you see the full output. If you encounter any issue, please paste it.
|
||||
|
||||
## Documentation and resources
|
||||
|
||||
* Official user documentation: <https://help.bitwarden.com/>
|
||||
* Official admin documentation: <https://github.com/dani-garcia/vaultwarden/wiki>
|
||||
* Upstream app code repository: <https://github.com/dani-garcia/vaultwarden>
|
||||
* YunoHost documentation for this app: <https://yunohost.org/app_vaultwarden>
|
||||
* Report a bug: <https://github.com/YunoHost-Apps/vaultwarden_ynh/issues>
|
||||
|
||||
## Developer info
|
||||
|
|
25
README_fr.md
25
README_fr.md
|
@ -16,7 +16,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
|
|||
|
||||
## Vue d’ensemble
|
||||
|
||||
Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
|
||||
Implémentation alternative de l'API du serveur Bitwarden écrite en Rust et compatible avec les clients Bitwarden en amont*, parfaite pour un déploiement auto-hébergé où l'exécution du service officiel gourmand en ressources n'est peut-être pas idéale.
|
||||
|
||||
**Version incluse :** 1.29.1~ynh1
|
||||
|
||||
|
@ -26,34 +26,11 @@ Alternative implementation of the Bitwarden server API written in Rust and compa
|
|||
|
||||
![Capture d’écran de Vaultwarden](./doc/screenshots/screenshot1.png)
|
||||
|
||||
## Avertissements / informations importantes
|
||||
|
||||
### Install
|
||||
|
||||
This package compile Vaultwarden from sources, that can take a long time on a small computer :
|
||||
|
||||
* When installing on a Raspberry Pi 3, this can take more than 1 hour.
|
||||
* When installing from the webadmin, you can encounter the "504 Gateway Timeout": this is fine, just let it finish in the background.
|
||||
|
||||
### Migrate from Bitwarden
|
||||
|
||||
This package handle the migration from Bitwarden to Vaultwarden.
|
||||
For that, you will have to upgrade your Bitwarden application with this repository.
|
||||
This can only be done from the command-line interface - e.g. through SSH.
|
||||
Once you're connected, you simply have to execute the following:
|
||||
|
||||
```bash
|
||||
sudo yunohost app upgrade bitwarden -u https://github.com/YunoHost-Apps/vaultwarden_ynh --debug
|
||||
```
|
||||
|
||||
The `--debug` option will let you see the full output. If you encounter any issue, please paste it.
|
||||
|
||||
## Documentations et ressources
|
||||
|
||||
* Documentation officielle utilisateur : <https://help.bitwarden.com/>
|
||||
* Documentation officielle de l’admin : <https://github.com/dani-garcia/vaultwarden/wiki>
|
||||
* Dépôt de code officiel de l’app : <https://github.com/dani-garcia/vaultwarden>
|
||||
* Documentation YunoHost pour cette app : <https://yunohost.org/app_vaultwarden>
|
||||
* Signaler un bug : <https://github.com/YunoHost-Apps/vaultwarden_ynh/issues>
|
||||
|
||||
## Informations pour les développeurs
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
;; Test complet
|
||||
; Manifest
|
||||
domain="domain.tld"
|
||||
path="/path"
|
||||
is_public=1
|
||||
admin="john"
|
||||
; Checks
|
||||
pkg_linter=1
|
||||
setup_sub_dir=1
|
||||
setup_root=1
|
||||
setup_nourl=0
|
||||
setup_private=1
|
||||
setup_public=1
|
||||
upgrade=1
|
||||
# Bitwarden 1.20.0~ynh4
|
||||
#upgrade=1 from_commit=d5e1fa7d327c55d8e5ae4c24e7c6aaac006256db
|
||||
# 1.21.0~ynh1
|
||||
upgrade=1 from_commit=3f7d7d2740a1cb3f16a290b64c89e84422d06ede
|
||||
# 1.21.0~ynh2
|
||||
upgrade=1 from_commit=703d5a9cb86d127c7723bb380d7c392a8eb9e703
|
||||
# 1.23.0~ynh1
|
||||
upgrade=1 from_commit=2808a3a8e985bb5431f6d8f2353b07201355afe4
|
||||
# 1.23.0~ynh3
|
||||
upgrade=1 from_commit=7492e0d21c795696f4ff44912edc199437d4bb71
|
||||
backup_restore=1
|
||||
multi_instance=1
|
||||
port_already_use=0
|
||||
change_url=1
|
||||
;;; Options
|
||||
Email=
|
||||
Notification=none
|
|
@ -1,15 +0,0 @@
|
|||
# App main directory
|
||||
/var/www/$app
|
||||
|
||||
# NGINX web server configuration
|
||||
/etc/nginx/conf.d/$domain.d/$app.conf
|
||||
|
||||
# App logs
|
||||
/var/log/$app/
|
||||
|
||||
# Service configuration
|
||||
/etc/systemd/system/$app.service
|
||||
|
||||
# Fail2Ban configuration
|
||||
/etc/fail2ban/jail.d/$app.conf
|
||||
/etc/fail2ban/filter.d/$app.conf
|
|
@ -1,38 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Ending the migration process from Bitwarden to Vaultwarden
|
||||
|
||||
set -u
|
||||
|
||||
#=================================================
|
||||
# IMPORT GENERIC HELPERS
|
||||
#=================================================
|
||||
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# SET VARIABLES
|
||||
#=================================================
|
||||
|
||||
old_app="__OLD_APP__"
|
||||
new_app="__NEW_APP__"
|
||||
script_name="$0"
|
||||
|
||||
#=================================================
|
||||
# DELETE OLD APP'S SETTINGS
|
||||
#=================================================
|
||||
|
||||
ynh_secure_remove --file="/etc/yunohost/apps/$old_app"
|
||||
yunohost app ssowatconf
|
||||
|
||||
#=================================================
|
||||
# REMOVE THE OLD USER
|
||||
#=================================================
|
||||
|
||||
ynh_system_user_delete --username="$old_app"
|
||||
|
||||
#=================================================
|
||||
# DELETE THIS SCRIPT
|
||||
#=================================================
|
||||
|
||||
echo "rm $script_name" | at now + 1 minutes
|
|
@ -1,5 +0,0 @@
|
|||
vaultwarden was successfully installed :)
|
||||
Please open https://__DOMAIN____PATH_URL__/admin
|
||||
The admin token is: __ADMIN_TOKEN__
|
||||
You will be able to invite users to your vaultwarden instance.
|
||||
If you facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/vaultwarden_ynh
|
|
@ -2,7 +2,7 @@
|
|||
location __PATH__/ {
|
||||
|
||||
# Path to source
|
||||
alias __FINALPATH__/;
|
||||
alias __INSTALL_DIR__/;
|
||||
|
||||
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
|
||||
client_max_body_size 100M;
|
||||
|
@ -11,21 +11,18 @@ location __PATH__/ {
|
|||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://127.0.0.1:__ROCKET_PORT__;
|
||||
|
||||
# Include SSOWAT user panel.
|
||||
include conf.d/yunohost_panel.conf.inc;
|
||||
proxy_pass http://127.0.0.1:__PORT_ROCKET__;
|
||||
}
|
||||
|
||||
location __FINALPATH__/notifications/hub {
|
||||
location __INSTALL_DIR__/notifications/hub {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_pass http://127.0.0.1:__WEBSOCKET_PORT__;
|
||||
proxy_pass http://127.0.0.1:__PORT_WEBSOCKET__;
|
||||
}
|
||||
|
||||
location __FINALPATH__/notifications/hub/negotiate {
|
||||
proxy_pass http://127.0.0.1:__ROCKET_PORT__;
|
||||
location __INSTALL_DIR__/notifications/hub/negotiate {
|
||||
proxy_pass http://127.0.0.1:__PORT_ROCKET__;
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
[Unit]
|
||||
Description=vaultwarden Server (Rust Edition)
|
||||
Description=Vaultwarden Server (Rust Edition)
|
||||
Documentation=https://github.com/dani-garcia/vaultwarden
|
||||
After=network.target
|
||||
|
||||
|
@ -7,10 +7,10 @@ After=network.target
|
|||
# The user/group vaultwarden is run under. the working directory (see below) should allow write and read access to this user/group
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
WorkingDirectory=__FINALPATH__/live/
|
||||
ReadWriteDirectories=__FINALPATH__/live/ __DATADIR__/ /var/log/__APP__/
|
||||
EnvironmentFile=__FINALPATH__/live/.env
|
||||
ExecStart=__FINALPATH__/live/vaultwarden
|
||||
WorkingDirectory=__INSTALL_DIR__/live/
|
||||
ReadWriteDirectories=__INSTALL_DIR__/live/ __DATA_DIR__/ /var/log/__APP__/
|
||||
EnvironmentFile=__INSTALL_DIR__/live/.env
|
||||
ExecStart=__INSTALL_DIR__/live/vaultwarden
|
||||
|
||||
# Set reasonable connection and process limits
|
||||
LimitNOFILE=1048576
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
## vaultwarden.
|
||||
|
||||
## Main data folder
|
||||
DATA_FOLDER=__DATADIR__
|
||||
DATA_FOLDER=__DATA_DIR__
|
||||
|
||||
## Database URL
|
||||
## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
|
||||
|
@ -69,7 +69,7 @@ WEBSOCKET_ENABLED=true
|
|||
|
||||
## Controls the WebSocket server address and port
|
||||
WEBSOCKET_ADDRESS=127.0.0.1
|
||||
WEBSOCKET_PORT=__WEBSOCKET_PORT__
|
||||
WEBSOCKET_PORT=__PORT_WEBSOCKET__
|
||||
|
||||
## Controls whether users are allowed to create Bitwarden Sends.
|
||||
## This setting applies globally to all users.
|
||||
|
@ -283,7 +283,7 @@ ADMIN_TOKEN=__ADMIN_TOKEN__
|
|||
## It's recommended to configure this value, otherwise certain functionality might not work,
|
||||
## like attachment downloads, email links and U2F.
|
||||
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
|
||||
DOMAIN=https://__DOMAIN____PATH_URL__
|
||||
DOMAIN=https://__DOMAIN____PATH__
|
||||
|
||||
## Allowed iframe ancestors (Know the risks!)
|
||||
## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
|
||||
|
@ -337,7 +337,7 @@ DOMAIN=https://__DOMAIN____PATH_URL__
|
|||
## Rocket specific settings
|
||||
## See https://rocket.rs/v0.4/guide/configuration/ for more details.
|
||||
ROCKET_ADDRESS=127.0.0.1
|
||||
ROCKET_PORT=__ROCKET_PORT__
|
||||
ROCKET_PORT=__PORT_ROCKET__
|
||||
ROCKET_WORKERS=1
|
||||
# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
|
||||
|
||||
|
@ -349,8 +349,8 @@ SMTP_FROM=vaultwarden-rs@__DOMAIN__
|
|||
SMTP_FROM_NAME=Vaultwarden
|
||||
SMTP_SECURITY=off
|
||||
SMTP_PORT=25
|
||||
# SMTP_USERNAME=username
|
||||
# SMTP_PASSWORD=password
|
||||
SMTP_USERNAME=__APP__
|
||||
SMTP_PASSWORD=__MAIL_PWD__
|
||||
# SMTP_TIMEOUT=15
|
||||
|
||||
## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections.
|
||||
|
|
1
doc/DESCRIPTION_fr.md
Normal file
1
doc/DESCRIPTION_fr.md
Normal file
|
@ -0,0 +1 @@
|
|||
Implémentation alternative de l'API du serveur Bitwarden écrite en Rust et compatible avec les clients Bitwarden en amont*, parfaite pour un déploiement auto-hébergé où l'exécution du service officiel gourmand en ressources n'est peut-être pas idéale.
|
|
@ -1,19 +0,0 @@
|
|||
### Install
|
||||
|
||||
This package compile Vaultwarden from sources, that can take a long time on a small computer :
|
||||
|
||||
* When installing on a Raspberry Pi 3, this can take more than 1 hour.
|
||||
* When installing from the webadmin, you can encounter the "504 Gateway Timeout": this is fine, just let it finish in the background.
|
||||
|
||||
### Migrate from Bitwarden
|
||||
|
||||
This package handle the migration from Bitwarden to Vaultwarden.
|
||||
For that, you will have to upgrade your Bitwarden application with this repository.
|
||||
This can only be done from the command-line interface - e.g. through SSH.
|
||||
Once you're connected, you simply have to execute the following:
|
||||
|
||||
```bash
|
||||
sudo yunohost app upgrade bitwarden -u https://github.com/YunoHost-Apps/vaultwarden_ynh --debug
|
||||
```
|
||||
|
||||
The `--debug` option will let you see the full output. If you encounter any issue, please paste it.
|
3
doc/POST_INSTALL.md
Normal file
3
doc/POST_INSTALL.md
Normal file
|
@ -0,0 +1,3 @@
|
|||
Please open https://__DOMAIN____PATH__/admin
|
||||
The admin token is: __ADMIN_TOKEN__
|
||||
You will be able to invite users to your vaultwarden instance.
|
3
doc/POST_INSTALL_fr.md
Normal file
3
doc/POST_INSTALL_fr.md
Normal file
|
@ -0,0 +1,3 @@
|
|||
Veuillez ouvrir https://__DOMAIN____PATH__/admin
|
||||
Le jeton d'administration est : __ADMIN_TOKEN__
|
||||
Vous pourrez inviter des utilisateurs dans votre instance de Vaultwarden.
|
4
doc/PRE_INSTALL.md
Normal file
4
doc/PRE_INSTALL.md
Normal file
|
@ -0,0 +1,4 @@
|
|||
This package compiles Vaultwarden from sources, that can take a long time on a small computer :
|
||||
|
||||
* When installing on a Raspberry Pi 3, this can take more than 1 hour.
|
||||
* When installing from the webadmin, you can encounter the "504 Gateway Timeout": this is fine, just let it finish in the background.
|
4
doc/PRE_INSTALL_fr.md
Normal file
4
doc/PRE_INSTALL_fr.md
Normal file
|
@ -0,0 +1,4 @@
|
|||
Ce package compile Vaultwarden à partir des sources, ce qui peut prendre beaucoup de temps sur un petit ordinateur :
|
||||
|
||||
* Lors de l'installation sur un Raspberry Pi 3, cela peut prendre plus d'une heure.
|
||||
* Lors de l'installation depuis l'administrateur Web, vous pouvez rencontrer le "504 Gateway Timeout" : c'est très bien, laissez-le simplement se terminer en arrière-plan.
|
|
@ -1,52 +0,0 @@
|
|||
{
|
||||
"name": "Vaultwarden",
|
||||
"id": "vaultwarden",
|
||||
"packaging_format": 1,
|
||||
"description": {
|
||||
"en": "Manage passwords and other sensitive informations",
|
||||
"fr": "Gérez les mots de passe et autres informations sensibles"
|
||||
},
|
||||
"version": "1.29.1~ynh1",
|
||||
"url": "https://github.com/dani-garcia/vaultwarden",
|
||||
"upstream": {
|
||||
"license": "GPL-3.0-or-later",
|
||||
"demo": "https://vault.bitwarden.com/#/register",
|
||||
"admindoc": "https://github.com/dani-garcia/vaultwarden/wiki",
|
||||
"userdoc": "https://help.bitwarden.com/",
|
||||
"code": "https://github.com/dani-garcia/vaultwarden"
|
||||
},
|
||||
"license": "GPL-3.0-or-later",
|
||||
"maintainer": {
|
||||
"name": "yalh76"
|
||||
},
|
||||
"requirements": {
|
||||
"yunohost": ">= 11.1.21"
|
||||
},
|
||||
"multi_instance": true,
|
||||
"services": [
|
||||
"nginx"
|
||||
],
|
||||
"arguments": {
|
||||
"install": [
|
||||
{
|
||||
"name": "domain",
|
||||
"type": "domain"
|
||||
},
|
||||
{
|
||||
"name": "path",
|
||||
"type": "path",
|
||||
"example": "/vaultwarden",
|
||||
"default": "/vaultwarden"
|
||||
},
|
||||
{
|
||||
"name": "is_public",
|
||||
"type": "boolean",
|
||||
"default": true
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"type": "user"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
70
manifest.toml
Normal file
70
manifest.toml
Normal file
|
@ -0,0 +1,70 @@
|
|||
packaging_format = 2
|
||||
|
||||
id = "vaultwarden"
|
||||
name = "Vaultwarden"
|
||||
description.en = "Manage passwords and other sensitive informations"
|
||||
description.fr = "Gérez les mots de passe et autres informations sensibles"
|
||||
|
||||
version = "1.29.1~ynh1"
|
||||
|
||||
maintainers = ["yalh76"]
|
||||
|
||||
[upstream]
|
||||
license = "GPL-3.0-or-later"
|
||||
demo = "https://vault.bitwarden.com/#/register"
|
||||
admindoc = "https://github.com/dani-garcia/vaultwarden/wiki"
|
||||
userdoc = "https://help.bitwarden.com/"
|
||||
code = "https://github.com/dani-garcia/vaultwarden"
|
||||
|
||||
[integration]
|
||||
yunohost = ">= 11.2"
|
||||
architectures = "all"
|
||||
multi_instance = true
|
||||
ldap = false
|
||||
sso = false
|
||||
disk = "50M"
|
||||
ram.build = "50M"
|
||||
ram.runtime = "50M"
|
||||
|
||||
[install]
|
||||
[install.domain]
|
||||
type = "domain"
|
||||
|
||||
[install.path]
|
||||
type = "path"
|
||||
default = "/vaultwarden"
|
||||
|
||||
[install.init_main_permission]
|
||||
type = "group"
|
||||
default = "visitors"
|
||||
|
||||
[install.admin]
|
||||
type = "user"
|
||||
|
||||
[resources]
|
||||
|
||||
[resources.system_user]
|
||||
allow_email = true
|
||||
|
||||
[resources.install_dir]
|
||||
|
||||
[resources.data_dir]
|
||||
|
||||
[resources.ports]
|
||||
websocket.default = 3012
|
||||
rocket.default = 8095
|
||||
|
||||
[resources.permissions]
|
||||
main.url = "/"
|
||||
api.url = "/api"
|
||||
api.additional_urls = ["/identity"]
|
||||
api.allowed = "visitors"
|
||||
api.auth_header = false
|
||||
api.show_tile = false
|
||||
api.protected = true
|
||||
admin.url = "/admin"
|
||||
admin.allowed = "admins"
|
||||
admin.show_tile = false
|
||||
|
||||
[resources.apt]
|
||||
packages = "libpq5, rsync"
|
|
@ -4,9 +4,6 @@
|
|||
# COMMON VARIABLES
|
||||
#=================================================
|
||||
|
||||
# dependencies used by the app
|
||||
pkg_dependencies="libpq5 rsync"
|
||||
|
||||
pkg_image="vaultwarden/server"
|
||||
|
||||
#=================================================
|
||||
|
|
|
@ -10,27 +10,6 @@
|
|||
source ../settings/scripts/_common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
true
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_print_info --message="Loading installation settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||
|
||||
#=================================================
|
||||
# DECLARE DATA AND CONF FILES TO BACKUP
|
||||
#=================================================
|
||||
|
@ -40,13 +19,13 @@ ynh_print_info --message="Declaring files to be backed up..."
|
|||
# BACKUP THE APP MAIN DIR
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="$final_path"
|
||||
ynh_backup --src_path="$install_dir"
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE DATA DIR
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="$datadir" --is_big
|
||||
ynh_backup --src_path="$data_dir" --is_big
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE NGINX CONFIGURATION
|
||||
|
|
|
@ -9,66 +9,6 @@
|
|||
source _common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# RETRIEVE ARGUMENTS
|
||||
#=================================================
|
||||
|
||||
old_domain=$YNH_APP_OLD_DOMAIN
|
||||
old_path=$YNH_APP_OLD_PATH
|
||||
|
||||
new_domain=$YNH_APP_NEW_DOMAIN
|
||||
new_path=$YNH_APP_NEW_PATH
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..."
|
||||
|
||||
# Needed for helper "ynh_add_nginx_config"
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
|
||||
# Add settings here as needed by your application
|
||||
#db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
#db_user=$db_name
|
||||
#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
|
||||
rocket_port=$(ynh_app_setting_get --app=$app --key=rocket_port)
|
||||
websocket_port=$(ynh_app_setting_get --app=$app --key=websocket_port)
|
||||
|
||||
#=================================================
|
||||
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..."
|
||||
|
||||
# Backup the current version of the app
|
||||
ynh_backup_before_upgrade
|
||||
ynh_clean_setup () {
|
||||
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
|
||||
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
|
||||
|
||||
# Restore it if the upgrade fails
|
||||
ynh_restore_upgradebackup
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# CHECK WHICH PARTS SHOULD BE CHANGED
|
||||
#=================================================
|
||||
|
||||
change_domain=0
|
||||
if [ "$old_domain" != "$new_domain" ]
|
||||
then
|
||||
change_domain=1
|
||||
fi
|
||||
|
||||
change_path=0
|
||||
if [ "$old_path" != "$new_path" ]
|
||||
then
|
||||
change_path=1
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
|
||||
#=================================================
|
||||
|
@ -76,36 +16,14 @@ fi
|
|||
#=================================================
|
||||
ynh_script_progression --message="Stopping a systemd service..."
|
||||
|
||||
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopped vaultwarden Server"
|
||||
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
|
||||
|
||||
#=================================================
|
||||
# MODIFY URL IN NGINX CONF
|
||||
#=================================================
|
||||
ynh_script_progression --message="Updating NGINX web server configuration..."
|
||||
|
||||
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
|
||||
|
||||
# Change the path in the NGINX config file
|
||||
if [ $change_path -eq 1 ]
|
||||
then
|
||||
# Make a backup of the original NGINX config file if modified
|
||||
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
|
||||
# Set global variables for NGINX helper
|
||||
domain="$old_domain"
|
||||
path_url="$new_path"
|
||||
# Create a dedicated NGINX config
|
||||
ynh_add_nginx_config
|
||||
fi
|
||||
|
||||
# Change the domain for NGINX
|
||||
if [ $change_domain -eq 1 ]
|
||||
then
|
||||
# Delete file checksum for the old conf file location
|
||||
ynh_delete_file_checksum --file="$nginx_conf_path"
|
||||
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
|
||||
# Store file checksum for the new config file location
|
||||
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
|
||||
fi
|
||||
ynh_change_url_nginx_config
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC MODIFICATIONS
|
||||
|
@ -114,14 +32,17 @@ fi
|
|||
#=================================================
|
||||
ynh_script_progression --message="Modifying a config file..."
|
||||
|
||||
config="$final_path/live/.env"
|
||||
ynh_add_config --template="vaultwarden.env" --destination="$install_dir/live/.env"
|
||||
|
||||
ynh_backup_if_checksum_is_different --file="$config"
|
||||
chmod 400 "$install_dir/live/.env"
|
||||
chown $app:$app "$install_dir/live/.env"
|
||||
|
||||
ynh_replace_string --match_string="DOMAIN=https://$old_domain$old_path" --replace_string="DOMAIN=https://$new_domain$new_path" --target_file="$config"
|
||||
#ynh_backup_if_checksum_is_different --file="$install_dir/live/.env"
|
||||
|
||||
#ynh_replace_string --match_string="DOMAIN=https://$old_domain$old_path" --replace_string="DOMAIN=https://$new_domain$new_path" --target_file="$install_dir/live/.env"
|
||||
|
||||
# Recalculate and store the checksum of the file for the next upgrade.
|
||||
ynh_store_file_checksum --file="$config"
|
||||
#ynh_store_file_checksum --file="$install_dir/live/.env"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALISATION
|
||||
|
@ -133,13 +54,6 @@ ynh_script_progression --message="Starting a systemd service..."
|
|||
# Start a systemd service
|
||||
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading NGINX web server..."
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
|
188
scripts/install
188
scripts/install
|
@ -8,176 +8,87 @@
|
|||
|
||||
source _common.sh
|
||||
source ynh_docker_image_extract
|
||||
source ynh_send_readme_to_admin__2
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
ynh_clean_check_starting
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
||||
#=================================================
|
||||
|
||||
domain=$YNH_APP_ARG_DOMAIN
|
||||
path_url=$YNH_APP_ARG_PATH
|
||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||
admin=$YNH_APP_ARG_ADMIN
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
admin_mail=$(ynh_user_get_info --username=$admin --key=mail)
|
||||
admin_token=$(ynh_string_random --length=48 | base64)
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Validating installation parameters..."
|
||||
|
||||
final_path=/var/www/$app
|
||||
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
||||
|
||||
# Register (book) web path
|
||||
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
||||
|
||||
#=================================================
|
||||
# STORE SETTINGS FROM MANIFEST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Storing installation settings..."
|
||||
|
||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||
ynh_app_setting_set --app=$app --key=admin_token --value=$admin_token
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
|
||||
#=================================================
|
||||
# FIND AND OPEN A PORT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Finding an available port..."
|
||||
|
||||
# Find an available port
|
||||
websocket_port=$(ynh_find_port --port=3012)
|
||||
ynh_app_setting_set --app=$app --key=websocket_port --value="$websocket_port"
|
||||
|
||||
# Find an available port
|
||||
rocket_port=$(ynh_find_port --port=8095)
|
||||
ynh_app_setting_set --app=$app --key=rocket_port --value="$rocket_port"
|
||||
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Installing dependencies..."
|
||||
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring system user..."
|
||||
|
||||
# Create a system user
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Setting up source files..."
|
||||
|
||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||
# Download, check integrity, uncompress and patch the source from app.src
|
||||
docker_arg=""
|
||||
if [ $YNH_ARCH == "armhf" ]
|
||||
then
|
||||
docker_arg="--os_arch_variant=linux/arm/v7"
|
||||
fi
|
||||
ynh_docker_image_extract --dest_dir="$final_path/build/" --image_spec="$pkg_image:$(ynh_app_upstream_version)" $docker_arg
|
||||
mkdir -p "$final_path/live/"
|
||||
ynh_docker_image_extract --dest_dir="$install_dir/build/" --image_spec="$pkg_image:$(ynh_app_upstream_version)" $docker_arg
|
||||
mkdir -p "$install_dir/live/"
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
chmod 750 "$install_dir"
|
||||
chmod -R o-rwx "$install_dir"
|
||||
chown -R $app:$app "$install_dir"
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
# SYSTEM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring NGINX web server..."
|
||||
ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
|
||||
|
||||
# Create a dedicated NGINX config
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC SETUP
|
||||
#=================================================
|
||||
# CREATE DATA DIRECTORY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating a data directory..."
|
||||
# Create a dedicated systemd config
|
||||
ynh_add_systemd_config
|
||||
|
||||
datadir=/home/yunohost.app/$app
|
||||
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
|
||||
# Use logrotate to manage application logfile(s)
|
||||
mkdir -p "/var/log/$app"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
|
||||
mkdir -p $datadir
|
||||
ynh_use_logrotate
|
||||
|
||||
chmod 750 "$datadir"
|
||||
chmod -R o-rwx "$datadir"
|
||||
chown -R $app:$app "$datadir"
|
||||
# Create a dedicated Fail2Ban config
|
||||
mkdir -p "/var/log/$app"
|
||||
touch "/var/log/$app/$app.log"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
|
||||
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"
|
||||
|
||||
yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log"
|
||||
|
||||
#=================================================
|
||||
# MAKE INSTALL
|
||||
#=================================================
|
||||
ynh_script_progression --message="Making install..."
|
||||
|
||||
mv -f "$final_path/build/vaultwarden" "$final_path/live/vaultwarden"
|
||||
rsync -a "$final_path/build/web-vault/" "$final_path/live/web-vault/"
|
||||
ynh_secure_remove --file="$final_path/build"
|
||||
mv -f "$install_dir/build/vaultwarden" "$install_dir/live/vaultwarden"
|
||||
rsync -a "$install_dir/build/web-vault/" "$install_dir/live/web-vault/"
|
||||
ynh_secure_remove --file="$install_dir/build"
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
chmod -R o-rwx "$install_dir"
|
||||
chown -R $app:$app "$install_dir"
|
||||
|
||||
#=================================================
|
||||
# ADD A CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Adding a configuration file..."
|
||||
|
||||
ynh_add_config --template="../conf/vaultwarden.env" --destination="$final_path/live/.env"
|
||||
ynh_add_config --template="vaultwarden.env" --destination="$install_dir/live/.env"
|
||||
|
||||
chmod 400 "$final_path/live/.env"
|
||||
chown $app:$app "$final_path/live/.env"
|
||||
|
||||
#=================================================
|
||||
# SETUP SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring a systemd service..."
|
||||
|
||||
# Create a dedicated systemd config
|
||||
ynh_add_systemd_config
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SETUP LOGROTATE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring log rotation..."
|
||||
|
||||
# Use logrotate to manage application logfile(s)
|
||||
mkdir -p "/var/log/$app"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
ynh_use_logrotate
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log"
|
||||
chmod 400 "$install_dir/live/.env"
|
||||
chown $app:$app "$install_dir/live/.env"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
|
@ -187,47 +98,6 @@ ynh_script_progression --message="Starting a systemd service..."
|
|||
# Start a systemd service
|
||||
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100
|
||||
|
||||
#=================================================
|
||||
# SETUP FAIL2BAN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring Fail2Ban..."
|
||||
|
||||
# Create a dedicated Fail2Ban config
|
||||
mkdir -p "/var/log/$app"
|
||||
touch "/var/log/$app/$app.log"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring permissions..."
|
||||
|
||||
# Make app public if necessary
|
||||
if [ $is_public -eq 1 ]
|
||||
then
|
||||
# Everyone can access the app.
|
||||
# The "main" permission is automatically created before the install script.
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
fi
|
||||
|
||||
ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
|
||||
ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading NGINX web server..."
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
#=================================================
|
||||
# SEND A README FOR THE ADMIN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Sending a readme for the admin..."
|
||||
|
||||
ynh_send_readme_to_admin --app_message="../conf/msg_install" --recipients="$admin_mail" --type='install'
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
|
|
@ -10,21 +10,11 @@ source _common.sh
|
|||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
# REMOVE SYSTEM CONFIGURATIONS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||
|
||||
#=================================================
|
||||
# STANDARD REMOVE
|
||||
#=================================================
|
||||
# REMOVE SERVICE INTEGRATION IN YUNOHOST
|
||||
# REMOVE SYSTEMD SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
|
||||
|
||||
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
|
||||
if ynh_exec_warn_less yunohost service status $app >/dev/null
|
||||
|
@ -33,76 +23,20 @@ then
|
|||
yunohost service remove $app
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# STOP AND REMOVE SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Stopping and removing the systemd service..."
|
||||
|
||||
# Remove the dedicated systemd config
|
||||
ynh_remove_systemd_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing app main directory..."
|
||||
|
||||
# Remove the app directory securely
|
||||
ynh_secure_remove --file="$final_path"
|
||||
|
||||
#=================================================
|
||||
# REMOVE DATA DIR
|
||||
#=================================================
|
||||
|
||||
# Remove the data directory if --purge option is used
|
||||
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
|
||||
then
|
||||
ynh_script_progression --message="Removing app data directory..."
|
||||
ynh_secure_remove --file="$datadir"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# REMOVE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing NGINX web server configuration..."
|
||||
|
||||
# Remove the dedicated NGINX config
|
||||
ynh_remove_nginx_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing dependencies..."
|
||||
|
||||
# Remove metapackage and its dependencies
|
||||
ynh_remove_app_dependencies
|
||||
|
||||
#=================================================
|
||||
# REMOVE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing Fail2Ban configuration..."
|
||||
|
||||
# Remove the dedicated Fail2Ban config
|
||||
ynh_remove_fail2ban_config
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC REMOVE
|
||||
#=================================================
|
||||
# REMOVE VARIOUS FILES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing various files..."
|
||||
|
||||
# Remove the log files
|
||||
ynh_secure_remove --file="/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# REMOVE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing the dedicated system user..."
|
||||
|
||||
# Delete a system user
|
||||
ynh_system_user_delete --username=$app
|
||||
# Remove the config file
|
||||
ynh_secure_remove --file="/$data_dir/config.json"
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
|
|
116
scripts/restore
116
scripts/restore
|
@ -10,74 +10,40 @@
|
|||
source ../settings/scripts/_common.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
ynh_clean_check_starting
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE RESTORED
|
||||
#=================================================
|
||||
ynh_script_progression --message="Validating restoration parameters..."
|
||||
|
||||
test ! -d $final_path \
|
||||
|| ynh_die --message="There is already a directory: $final_path "
|
||||
|
||||
#=================================================
|
||||
# STANDARD RESTORATION STEPS
|
||||
#=================================================
|
||||
# RECREATE THE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Recreating the dedicated system user..."
|
||||
|
||||
# Create the dedicated user (if not existing)
|
||||
ynh_system_user_create --username=$app --home_dir=$final_path
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the app main directory..."
|
||||
|
||||
ynh_restore_file --origin_path="$final_path"
|
||||
ynh_restore_file --origin_path="$install_dir"
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
chmod -R o-rwx "$install_dir"
|
||||
chown -R $app:$app "$install_dir"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE DATA DIRECTORY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the data directory..."
|
||||
|
||||
ynh_restore_file --origin_path="$datadir" --not_mandatory
|
||||
ynh_restore_file --origin_path="$data_dir" --not_mandatory
|
||||
|
||||
mkdir -p $datadir
|
||||
|
||||
chmod 750 "$datadir"
|
||||
chmod -R o-rwx "$datadir"
|
||||
chown -R $app:$app "$datadir"
|
||||
chown -R $app:$app "$data_dir"
|
||||
|
||||
#=================================================
|
||||
# RESTORE FAIL2BAN CONFIGURATION
|
||||
# RESTORE SYSTEM CONFIGURATIONS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the Fail2Ban configuration..."
|
||||
# RESTORE THE PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
|
||||
|
||||
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
|
||||
systemctl enable $app.service --quiet
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
||||
|
||||
# Create a dedicated Fail2Ban config
|
||||
mkdir -p "/var/log/$app"
|
||||
|
@ -88,45 +54,6 @@ ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
|
|||
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
|
||||
ynh_systemd_action --action=restart --service_name=fail2ban
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC RESTORATION
|
||||
#=================================================
|
||||
# REINSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reinstalling dependencies..."
|
||||
|
||||
# Define and install dependencies
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the NGINX web server configuration..."
|
||||
|
||||
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# RESTORE SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the systemd configuration..."
|
||||
|
||||
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
|
||||
systemctl enable $app.service --quiet
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE LOGROTATE CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the logrotate configuration..."
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log"
|
||||
|
||||
#=================================================
|
||||
|
@ -136,13 +63,6 @@ ynh_script_progression --message="Starting a systemd service..."
|
|||
|
||||
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading NGINX web server..."
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
#=================================================
|
||||
|
|
215
scripts/upgrade
215
scripts/upgrade
|
@ -8,48 +8,14 @@
|
|||
|
||||
source _common.sh
|
||||
source ynh_docker_image_extract
|
||||
source ynh_handle_app_migration
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||
|
||||
admin_token=$(ynh_app_setting_get --app=$app --key=admin_token)
|
||||
rocket_port=$(ynh_app_setting_get --app=$app --key=rocket_port)
|
||||
websocket_port=$(ynh_app_setting_get --app=$app --key=websocket_port)
|
||||
|
||||
#=================================================
|
||||
# CHECK VERSION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Checking version..."
|
||||
|
||||
upgrade_type=$(ynh_check_app_version_changed)
|
||||
|
||||
#=================================================
|
||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
|
||||
|
||||
# Backup the current version of the app
|
||||
ynh_backup_before_upgrade
|
||||
ynh_clean_setup () {
|
||||
ynh_clean_check_starting
|
||||
# Restore it if the upgrade fails
|
||||
ynh_restore_upgradebackup
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# STANDARD UPGRADE STEPS
|
||||
#=================================================
|
||||
|
@ -59,83 +25,6 @@ ynh_script_progression --message="Stopping a systemd service..."
|
|||
|
||||
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopped"
|
||||
|
||||
#=================================================
|
||||
# HANDLE MIGRATION FROM BITWARDEN
|
||||
#=================================================
|
||||
|
||||
ynh_handle_app_migration --migration_id="bitwarden" --migration_list="bitwarden_migration"
|
||||
|
||||
if [ $migration_process -eq 1 ]
|
||||
then
|
||||
# If a migration has been perform
|
||||
# Reload some values changed by the migration process
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
|
||||
# Move config file
|
||||
mv $final_path/live/bitwarden_rs.env $final_path/live/.env
|
||||
ynh_delete_file_checksum --file="/var/www/$old_app/live/bitwarden_rs.env"
|
||||
ynh_store_file_checksum --file="$final_path/live/.env"
|
||||
ynh_secure_remove --file="$final_path/live/bitwarden_rs"
|
||||
|
||||
# Manage permissions
|
||||
ynh_permission_update --permission="main" --add="all_users"
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
|
||||
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
|
||||
if ynh_exec_warn_less yunohost service status $old_app >/dev/null
|
||||
then
|
||||
ynh_script_progression --message="Removing $old_app service integration..."
|
||||
yunohost service remove $old_app
|
||||
fi
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# ENSURE DOWNWARD COMPATIBILITY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Ensuring downward compatibility..."
|
||||
|
||||
# Cleaning legacy permissions
|
||||
if ynh_legacy_permissions_exists; then
|
||||
ynh_legacy_permissions_delete_all
|
||||
|
||||
ynh_app_setting_delete --app=$app --key=is_public
|
||||
fi
|
||||
|
||||
if ! ynh_permission_exists --permission="admin"; then
|
||||
# Create the required permissions
|
||||
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin --show_tile="false"
|
||||
fi
|
||||
|
||||
# Create a permission if needed
|
||||
if ! ynh_permission_exists --permission="api"; then
|
||||
ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
|
||||
else
|
||||
ynh_permission_url --permission="api" --remove_url="/identity/connect/token" --add_url="/identity"
|
||||
fi
|
||||
|
||||
# If datadir doesn't exist, create it
|
||||
if [ -z $datadir ]; then
|
||||
ynh_script_progression --message="Making sure data directory exists..."
|
||||
datadir=/home/yunohost.app/$app
|
||||
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
|
||||
mkdir -p $datadir
|
||||
rsync -arz "$final_path/live/data/" "$datadir/" --delete-after --remove-source-files
|
||||
ynh_secure_remove --file="$final_path/live/data"
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
chmod 750 "$datadir"
|
||||
chmod -R o-rwx "$datadir"
|
||||
chown -R $app:$app "$datadir"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Making sure dedicated system user exists..."
|
||||
|
||||
# Create a dedicated user (if not existing)
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
|
@ -150,28 +39,12 @@ then
|
|||
then
|
||||
docker_arg="--os_arch_variant=linux/arm/v7"
|
||||
fi
|
||||
ynh_docker_image_extract --dest_dir="$final_path/build/" --image_spec="$pkg_image:$(ynh_app_upstream_version)" $docker_arg
|
||||
mkdir -p "$final_path/live/"
|
||||
ynh_docker_image_extract --dest_dir="$install_dir/build/" --image_spec="$pkg_image:$(ynh_app_upstream_version)" $docker_arg
|
||||
mkdir -p "$install_dir/live/"
|
||||
fi
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
|
||||
#=================================================
|
||||
# UPGRADE DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading dependencies..."
|
||||
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading NGINX web server configuration..."
|
||||
|
||||
# Create a dedicated NGINX config
|
||||
ynh_add_nginx_config
|
||||
chmod -R o-rwx "$install_dir"
|
||||
chown -R $app:$app "$install_dir"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPGRADE
|
||||
|
@ -182,50 +55,48 @@ ynh_script_progression --message="Making upgrade..."
|
|||
|
||||
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||||
then
|
||||
mv -f "$final_path/build/vaultwarden" "$final_path/live/vaultwarden"
|
||||
ynh_secure_remove --file="$final_path/live/web-vault/"
|
||||
rsync -a "$final_path/build/web-vault/" "$final_path/live/web-vault/"
|
||||
ynh_secure_remove --file="$final_path/build"
|
||||
mv -f "$install_dir/build/vaultwarden" "$install_dir/live/vaultwarden"
|
||||
ynh_secure_remove --file="$install_dir/live/web-vault/"
|
||||
rsync -a "$install_dir/build/web-vault/" "$install_dir/live/web-vault/"
|
||||
ynh_secure_remove --file="$install_dir/build"
|
||||
fi
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
chmod 750 "$install_dir"
|
||||
chmod -R o-rwx "$install_dir"
|
||||
chown -R $app:$app "$install_dir"
|
||||
|
||||
#=================================================
|
||||
# UPDATE A CONFIG FILE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Updating a configuration file..."
|
||||
|
||||
ynh_add_config --template="../conf/vaultwarden.env" --destination="$final_path/live/.env"
|
||||
ynh_add_config --template="vaultwarden.env" --destination="$install_dir/live/.env"
|
||||
|
||||
chmod 400 "$final_path/live/.env"
|
||||
chown $app:$app "$final_path/live/.env"
|
||||
chmod 400 "$install_dir/live/.env"
|
||||
chown $app:$app "$install_dir/live/.env"
|
||||
|
||||
#=================================================
|
||||
# SETUP SYSTEMD
|
||||
# REAPPLY SYSTEM CONFIGURATIONS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading systemd configuration..."
|
||||
ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
|
||||
|
||||
# Create a dedicated NGINX config
|
||||
ynh_add_nginx_config
|
||||
|
||||
# Create a dedicated systemd config
|
||||
ynh_add_systemd_config
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SETUP LOGROTATE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading logrotate configuration..."
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
# Use logrotate to manage app-specific logfile(s)
|
||||
ynh_use_logrotate --non-append
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
mkdir -p "/var/log/$app"
|
||||
touch "/var/log/$app/$app.log"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
|
||||
# Create a dedicated Fail2Ban config
|
||||
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"
|
||||
|
||||
yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log"
|
||||
|
||||
|
@ -236,42 +107,6 @@ ynh_script_progression --message="Starting a systemd service..."
|
|||
|
||||
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100
|
||||
|
||||
#=================================================
|
||||
# UPGRADE FAIL2BAN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reconfiguring Fail2Ban..."
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
touch "/var/log/$app/$app.log"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
# Create a dedicated Fail2Ban config
|
||||
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading NGINX web server..."
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
#=================================================
|
||||
# FINISH MIGRATION PROCESS
|
||||
#=================================================
|
||||
|
||||
if [ $migration_process -eq 1 ]
|
||||
then
|
||||
ynh_script_progression --message="Bitwarden has been successfully migrated to Vaultwarden! \
|
||||
A last scheduled operation will run in a couple of minutes to finish the \
|
||||
migration in YunoHost side. Do not proceed any application operation while \
|
||||
you don't see Vaultwarden as installed."
|
||||
script_post_migration=bitwarden_post_migration.sh
|
||||
cp ../conf/$script_post_migration /tmp
|
||||
ynh_replace_string --match_string="__OLD_APP__" --replace_string="$old_app" --target_file=/tmp/$script_post_migration
|
||||
ynh_replace_string --match_string="__NEW_APP__" --replace_string="$app" --target_file=/tmp/$script_post_migration
|
||||
chmod +x /tmp/$script_post_migration
|
||||
(cd /tmp; echo "/tmp/$script_post_migration > /tmp/$script_post_migration.log 2>&1" | at now + 2 minutes)
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
|
|
@ -42,7 +42,7 @@ ynh_docker_image_extract() {
|
|||
# Extract source into the app dir
|
||||
mkdir --parents "$dest_dir"
|
||||
|
||||
if [ -n "${final_path:-}" ] && [ "$dest_dir" == "$final_path" ]; then
|
||||
if [ -n "${install_dir:-}" ] && [ "$dest_dir" == "$install_dir" ]; then
|
||||
_ynh_apply_default_permissions $dest_dir
|
||||
fi
|
||||
|
||||
|
|
|
@ -1,265 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Need also the helper https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_handle_getopts_args/ynh_handle_getopts_args
|
||||
|
||||
# Make the main steps to migrate an app to its fork.
|
||||
#
|
||||
# This helper has to be used for an app which needs to migrate to a new name or a new fork
|
||||
# (like owncloud to nextcloud or zerobin to privatebin).
|
||||
#
|
||||
# This helper will move the files of an app to its new name
|
||||
# or recreate the things it can't move.
|
||||
#
|
||||
# To specify which files it has to move, you have to create a "migration file", stored in ../conf
|
||||
# This file is a simple list of each file it has to move,
|
||||
# except that file names must reference the $app variable instead of the real name of the app,
|
||||
# and every instance-specific variables (like $domain).
|
||||
# $app is especially important because it's this variable which will be used to identify the old place and the new one for each file.
|
||||
#
|
||||
# If a database exists for this app, it will be dumped and then imported in a newly created database, with a new name and new user.
|
||||
# Don't forget you have to then apply these changes to application-specific settings (depends on the packaged application)
|
||||
#
|
||||
# Same things for an existing user, a new one will be created.
|
||||
# But the old one can't be removed unless it's not used. See below.
|
||||
#
|
||||
# If you have some dependencies for your app, it's possible to change the fake debian package which manages them.
|
||||
# You have to fill the $pkg_dependencies variable, and then a new fake package will be created and installed,
|
||||
# and the old one will be removed.
|
||||
# If you don't have a $pkg_dependencies variable, the helper can't know what the app dependencies are.
|
||||
#
|
||||
# The app settings.yml will be modified as follows:
|
||||
# - finalpath will be changed according to the new name (but only if the existing $final_path contains the old app name)
|
||||
# - The checksums of php-fpm and nginx config files will be updated too.
|
||||
# - If there is a $db_name value, it will be changed.
|
||||
# - And, of course, the ID will be changed to the new name too.
|
||||
#
|
||||
# Finally, the $app variable will take the value of the new name.
|
||||
# The helper will set the $migration_process variable to 1 if a migration has been successfully handled.
|
||||
#
|
||||
# You have to handle by yourself all the migrations not done by this helper, like configuration or special values in settings.yml
|
||||
# Also, at the end of the upgrade script, you have to add a post_migration script to handle all the things the helper can't do during YunoHost upgrade (mostly for permission reasons),
|
||||
# especially remove the old user, move some hooks and remove the old configuration directory
|
||||
# To launch this script, you have to move it elsewhere and start it after the upgrade script.
|
||||
# `cp ../conf/$script_post_migration /tmp`
|
||||
# `(cd /tmp; echo "/tmp/$script_post_migration" | at now + 2 minutes)`
|
||||
#
|
||||
# usage: ynh_handle_app_migration migration_id migration_list
|
||||
# | arg: -i, --migration_id= - ID from which to migrate
|
||||
# | arg: -l, --migration_list= - File specifying every file to move (one file per line)
|
||||
ynh_handle_app_migration () {
|
||||
# Need for end of install
|
||||
ynh_package_install at
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
|
||||
old_app=$YNH_APP_INSTANCE_NAME
|
||||
local old_app_id=$YNH_APP_ID
|
||||
local old_app_number=$YNH_APP_INSTANCE_NUMBER
|
||||
|
||||
# Declare an array to define the options of this helper.
|
||||
declare -Ar args_array=( [i]=migration_id= [l]=migration_list= )
|
||||
# Get the id from which to migrate
|
||||
local migration_id
|
||||
# And the file with the paths to move
|
||||
local migration_list
|
||||
# Manage arguments with getopts
|
||||
ynh_handle_getopts_args "$@"
|
||||
|
||||
# Get the new app id in the manifest
|
||||
local new_app_id=$(grep \"id\": ../manifest.json | cut -d\" -f4)
|
||||
if [ $old_app_number -eq 1 ]; then
|
||||
local new_app=$new_app_id
|
||||
else
|
||||
local new_app=${new_app_id}__${old_app_number}
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# CHECK IF IT HAS TO MIGRATE
|
||||
#=================================================
|
||||
|
||||
migration_process=0
|
||||
|
||||
if [ "$old_app_id" == "$new_app_id" ]
|
||||
then
|
||||
# If the 2 id are the same
|
||||
# No migration to do.
|
||||
echo 0
|
||||
return 0
|
||||
else
|
||||
if [ "$old_app_id" != "$migration_id" ]
|
||||
then
|
||||
# If the new app is not the authorized id, fail.
|
||||
ynh_die --message="Incompatible application for migration from $old_app_id to $new_app_id"
|
||||
fi
|
||||
|
||||
ynh_print_info --message="Migrate from $old_app_id to $new_app_id" >&2
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE MIGRATION CAN BE DONE
|
||||
#=================================================
|
||||
|
||||
# TODO Handle multi instance apps...
|
||||
# Check that there is not already an app installed for this id.
|
||||
(yunohost app list | grep -q -w "id: $new_app") \
|
||||
&& ynh_die --message="$new_app is already installed"
|
||||
|
||||
#=================================================
|
||||
# CHECK THE LIST OF FILES TO MOVE
|
||||
#=================================================
|
||||
|
||||
local temp_migration_list="$(tempfile)"
|
||||
|
||||
# Build the list by removing blank lines and comment lines
|
||||
sed '/^#.*\|^$/d' "../conf/$migration_list" > "$temp_migration_list"
|
||||
|
||||
# Check if there is no file in the destination
|
||||
local file_to_move=""
|
||||
while read file_to_move
|
||||
do
|
||||
# Replace all occurences of $app by $new_app in each file to move.
|
||||
local move_to_destination="${file_to_move//\$app/$new_app}"
|
||||
test -e "$move_to_destination" && ynh_die --message="A file named $move_to_destination already exists."
|
||||
done < "$temp_migration_list"
|
||||
|
||||
#=================================================
|
||||
# COPY YUNOHOST SETTINGS FOR THIS APP
|
||||
#=================================================
|
||||
|
||||
local settings_dir="/etc/yunohost/apps"
|
||||
cp -a "$settings_dir/$old_app" "$settings_dir/$new_app"
|
||||
cp -a ../{scripts,conf,manifest.json} "$settings_dir/$new_app"
|
||||
|
||||
# Replace the old id by the new one
|
||||
ynh_replace_string --match_string="\(^id: .*\)$old_app" --replace_string="\1$new_app" --target_file="$settings_dir/$new_app/settings.yml"
|
||||
# INFO: There a special behavior with yunohost app setting:
|
||||
# if the id given in argument does not match with the id
|
||||
# stored in the config file, the config file will be purged.
|
||||
# That's why we use sed instead of app setting here.
|
||||
# https://github.com/YunoHost/yunohost/blob/c6b5284be8da39cf2da4e1036a730eb5e0515096/src/yunohost/app.py#L1316-L1321
|
||||
|
||||
# Change the label if it's simply the name of the app
|
||||
old_label=$(ynh_app_setting_get --app=$new_app --key=label)
|
||||
if [ "${old_label,,}" == "$old_app_id" ]
|
||||
then
|
||||
# Build the new label from the id of the app. With the first character as upper case
|
||||
new_label=$(echo $new_app_id | cut -c1 | tr [:lower:] [:upper:])$(echo $new_app_id | cut -c2-)
|
||||
ynh_app_setting_set --app=$new_app --key=label --value=$new_label
|
||||
fi
|
||||
|
||||
permissions_name=$(yunohost user permission list $old_app --short --output-as plain)
|
||||
for permission_name in $permissions_name
|
||||
do
|
||||
yunohost tools shell -c "from yunohost.permission import permission_delete; permission_delete('$permission_name', force=True, sync_perm=False)"
|
||||
done
|
||||
|
||||
yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$new_app.main', url='/' , show_tile=True , sync_perm=True)"
|
||||
|
||||
#=================================================
|
||||
# MOVE FILES TO THE NEW DESTINATION
|
||||
#=================================================
|
||||
|
||||
while read file_to_move
|
||||
do
|
||||
# Replace all occurence of $app by $new_app in each file to move.
|
||||
move_to_destination="$(eval echo "${file_to_move//\$app/$new_app}")"
|
||||
local real_file_to_move="$(eval echo "${file_to_move//\$app/$old_app}")"
|
||||
ynh_print_info --message="Move file $real_file_to_move to $move_to_destination" >&2
|
||||
mv "$real_file_to_move" "$move_to_destination"
|
||||
done < "$temp_migration_list"
|
||||
|
||||
#=================================================
|
||||
# UPDATE SETTINGS KNOWN ENTRIES
|
||||
#=================================================
|
||||
|
||||
# Replace nginx checksum
|
||||
ynh_replace_string --match_string="\(^checksum__etc_nginx.*\)_$old_app" --replace_string="\1_$new_app" --target_file="$settings_dir/$new_app/settings.yml"
|
||||
|
||||
# Replace php-fpm checksums
|
||||
ynh_replace_string --match_string="\(^checksum__etc_php.*[-_]\)$old_app" --replace_string="\1$new_app" --target_file="$settings_dir/$new_app/settings.yml"
|
||||
|
||||
# Replace final_path
|
||||
ynh_replace_string --match_string="\(^final_path: .*\)$old_app" --replace_string="\1$new_app" --target_file="$settings_dir/$new_app/settings.yml"
|
||||
|
||||
# Replace fail2ban_filter
|
||||
ynh_replace_string --match_string="\(^checksum__etc_fail2ban_filter.*\)_$old_app" --replace_string="\1_$new_app" --target_file="$settings_dir/$new_app/settings.yml"
|
||||
|
||||
# Replace fail2ban_jail
|
||||
ynh_replace_string --match_string="\(^checksum__etc_fail2ban_jail.*\)_$old_app" --replace_string="\1_$new_app" --target_file="$settings_dir/$new_app/settings.yml"
|
||||
|
||||
# Replace systemd
|
||||
ynh_replace_string --match_string="\(^checksum__etc_systemd_system.*\)_$old_app" --replace_string="\1_$new_app" --target_file="$settings_dir/$new_app/settings.yml"
|
||||
|
||||
#=================================================
|
||||
# MOVE THE MYSQL DATABASE
|
||||
#=================================================
|
||||
|
||||
old_db_name=$(ynh_app_setting_get --app=$old_app --key=db_name)
|
||||
|
||||
# Check if a database exists before trying to move it
|
||||
if [ -n "$old_db_name" ] && mysqlshow | grep -q "^| $old_db_name"
|
||||
then
|
||||
old_db_user=$old_db_name
|
||||
db_pwd=$(ynh_app_setting_get --app=$old_app --key=mysqlpwd)
|
||||
|
||||
new_db_name=$(ynh_sanitize_dbid --db_name=$new_app)
|
||||
new_db_user=$new_db_name
|
||||
ynh_print_info --message="Rename the database $db_name to $new_db_name" >&2
|
||||
|
||||
local sql_dump="/tmp/${db_name}-$(date '+%s').sql"
|
||||
|
||||
# Dump the old database
|
||||
ynh_mysql_dump_db --database="$old_db_name" > "$sql_dump"
|
||||
|
||||
# Create a new database
|
||||
ynh_mysql_setup_db --db_user=$new_db_user --db_name=$new_db_name --db_pwd=$db_pwd
|
||||
|
||||
# Then restore the old one into the new one
|
||||
ynh_mysql_connect_as --user=$new_db_user --password=$db_pwd --database=$new_db_name < "$sql_dump"
|
||||
|
||||
# Remove the old database
|
||||
ynh_mysql_remove_db --db_user=$old_db_user --db_name=$old_db_name
|
||||
|
||||
# And the dump
|
||||
ynh_secure_remove --file="$sql_dump"
|
||||
|
||||
# Update the value of $db_name
|
||||
db_name=$new_db_name
|
||||
db_user=$new_db_user
|
||||
ynh_app_setting_set --app=$new_app --key=db_name --value=$db_name
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# CHANGE THE FAKE DEPENDENCIES PACKAGE
|
||||
#=================================================
|
||||
|
||||
# Check if a variable $pkg_dependencies exists
|
||||
# If this variable doesn't exist, this part shall be managed in the upgrade script.
|
||||
if [ -n "${pkg_dependencies:-}" ]
|
||||
then
|
||||
# Define the name of the package
|
||||
local old_package_name="${old_app//_/-}-ynh-deps"
|
||||
local new_package_name="${new_app//_/-}-ynh-deps"
|
||||
|
||||
if ynh_package_is_installed --package="$old_package_name"
|
||||
then
|
||||
# Install a new fake package
|
||||
app=$new_app
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
# Then remove the old one
|
||||
app=$old_app
|
||||
ynh_remove_app_dependencies
|
||||
fi
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# UPDATE THE ID OF THE APP
|
||||
#=================================================
|
||||
|
||||
app=$new_app
|
||||
|
||||
# Set migration_process to 1 to inform that an upgrade has been made
|
||||
migration_process=1
|
||||
fi
|
||||
}
|
|
@ -1,129 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Send an email to inform the administrator
|
||||
#
|
||||
# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
|
||||
# | arg: -m --app_message= - The file with the content to send to the administrator.
|
||||
# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
|
||||
# example: "root admin@domain"
|
||||
# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
|
||||
# example: "root admin@domain user1 user2"
|
||||
# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
|
||||
#
|
||||
# Requires YunoHost version 4.1.0 or higher.
|
||||
ynh_send_readme_to_admin() {
|
||||
# Declare an array to define the options of this helper.
|
||||
declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
|
||||
local app_message
|
||||
local recipients
|
||||
local type
|
||||
# Manage arguments with getopts
|
||||
|
||||
ynh_handle_getopts_args "$@"
|
||||
app_message="${app_message:-}"
|
||||
recipients="${recipients:-root}"
|
||||
type="${type:-install}"
|
||||
|
||||
# Get the value of admin_mail_html
|
||||
admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
|
||||
admin_mail_html="${admin_mail_html:-0}"
|
||||
|
||||
# Retrieve the email of users
|
||||
find_mails () {
|
||||
local list_mails="$1"
|
||||
local mail
|
||||
local recipients=" "
|
||||
# Read each mail in argument
|
||||
for mail in $list_mails
|
||||
do
|
||||
# Keep root or a real email address as it is
|
||||
if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
|
||||
then
|
||||
recipients="$recipients $mail"
|
||||
else
|
||||
# But replace an user name without a domain after by its email
|
||||
if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
|
||||
then
|
||||
recipients="$recipients $mail"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
echo "$recipients"
|
||||
}
|
||||
recipients=$(find_mails "$recipients")
|
||||
|
||||
# Subject base
|
||||
local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
|
||||
|
||||
# Adapt the subject according to the type of mail required.
|
||||
if [ "$type" = "backup" ]; then
|
||||
mail_subject="$mail_subject has just been backup."
|
||||
elif [ "$type" = "change_url" ]; then
|
||||
mail_subject="$mail_subject has just been moved to a new URL!"
|
||||
elif [ "$type" = "remove" ]; then
|
||||
mail_subject="$mail_subject has just been removed!"
|
||||
elif [ "$type" = "restore" ]; then
|
||||
mail_subject="$mail_subject has just been restored!"
|
||||
elif [ "$type" = "upgrade" ]; then
|
||||
mail_subject="$mail_subject has just been upgraded!"
|
||||
else # install
|
||||
mail_subject="$mail_subject has just been installed!"
|
||||
fi
|
||||
|
||||
ynh_add_config --template="$app_message" --destination="../conf/msg__to_send"
|
||||
|
||||
ynh_delete_file_checksum --file="../conf/msg__to_send"
|
||||
|
||||
local mail_message="This is an automated message from your beloved YunoHost server.
|
||||
|
||||
Specific information for the application $app.
|
||||
|
||||
$(cat "../conf/msg__to_send")"
|
||||
|
||||
# Store the message into a file for further modifications.
|
||||
echo "$mail_message" > mail_to_send
|
||||
|
||||
# If a html email is required. Apply html tags to the message.
|
||||
if [ "$admin_mail_html" -eq 1 ]
|
||||
then
|
||||
# Insert 'br' tags at each ending of lines.
|
||||
ynh_replace_string "$" "<br>" mail_to_send
|
||||
|
||||
# Insert starting HTML tags
|
||||
sed --in-place '1s@^@<!DOCTYPE html>\n<html>\n<head></head>\n<body>\n@' mail_to_send
|
||||
|
||||
# Keep tabulations
|
||||
ynh_replace_string " " "\ \ " mail_to_send
|
||||
ynh_replace_string "\t" "\ \ " mail_to_send
|
||||
|
||||
# Insert url links tags
|
||||
ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "<a href=\"\2\">\1</a>" mail_to_send
|
||||
|
||||
# Insert finishing HTML tags
|
||||
echo -e "\n</body>\n</html>" >> mail_to_send
|
||||
|
||||
# Otherwise, remove tags to keep a plain text.
|
||||
else
|
||||
# Remove URL tags
|
||||
ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
|
||||
ynh_replace_string "__URL_TAG2__" ": " mail_to_send
|
||||
fi
|
||||
|
||||
# Define binary to use for mail command
|
||||
if [ -e /usr/bin/bsd-mailx ]
|
||||
then
|
||||
local mail_bin=/usr/bin/bsd-mailx
|
||||
else
|
||||
local mail_bin=/usr/bin/mail.mailutils
|
||||
fi
|
||||
|
||||
if [ "$admin_mail_html" -eq 1 ]
|
||||
then
|
||||
content_type="text/html"
|
||||
else
|
||||
content_type="text/plain"
|
||||
fi
|
||||
|
||||
# Send the email to the recipients
|
||||
cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
|
||||
}
|
9
tests.toml
Normal file
9
tests.toml
Normal file
|
@ -0,0 +1,9 @@
|
|||
test_format = 1.0
|
||||
|
||||
[default]
|
||||
|
||||
# -------------------------------
|
||||
# Commits to test upgrade from
|
||||
# -------------------------------
|
||||
|
||||
test_upgrade_from.8899759a3264b9200920cf5f546fc519297b78ac.name = "Upgrade from 1.28.1~ynh1"
|
Loading…
Reference in a new issue